package com.wpw.dream.interceptor;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.wpw.dream.common.LoginUser;

public class AdminAuthInterceptor extends HandlerInterceptorAdapter {

	//不需要登录访问的链接
	private static List<String> openRights = new ArrayList<String>();
	static
	{
		openRights.add("/不需要登录访问的链接");
		openRights.add("/artdialog/index.do");
	}
	
	
	public static final String NO_AUTHORITY = "/no_auth.html";
	
	public static final String LOGIN = "/login.html";
	
	public static final String SESSION_USER = "SESSION_USER";
	
	@Override
	public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
			throws Exception {
		String contextPath = request.getContextPath();
		
		String uri = request.getRequestURI().replace(contextPath, "");
		//不用验证权限的直接通过
		if (openRights.contains(uri)) {
			return true;
		}
		
		LoginUser user = makeLoginUser();
		
		LoginUser sessionUser = (LoginUser) request.getSession().getAttribute(SESSION_USER);
		
		sessionUser = user;
		
		if (sessionUser == null) {
			if (request.getHeader("x-requested-with") != null && request.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){ //如果是ajax请求响应头会有，x-requested-with 
                response.setHeader("sessionstatus", "timeout");//在响应头设置session状态 
            }else{
               request.getRequestDispatcher(LOGIN).forward(request, response);
            }
			return false;
		}
		
		if (!checkAuthority(sessionUser, uri)) {
			if (request.getHeader("x-requested-with") != null && request.getHeader("x-requested-with").equalsIgnoreCase("XMLHttpRequest")){ //如果是ajax请求响应头会有，x-requested-with 
                response.setHeader("sessionstatus", "noauth");//在响应头设置session状态 
            }else{
               request.getRequestDispatcher(NO_AUTHORITY).forward(request, response);
            }
			
			return false;
			
		}
		
		return true;
		//response.sendRedirect(NO_AUTHORITY);
		
	}

	private LoginUser makeLoginUser() {
		LoginUser user = new LoginUser();
		return user;
	}

	private boolean checkAuthority(LoginUser sessionUser, String uri) {
		//TODO 查询所有配置权限,只是存的部分的权限需要这样做
		Set<String> allAuthorityUrls = new HashSet<String>();
		allAuthorityUrls.add("/artdialog/toDialog.do");
		if (allAuthorityUrls == null || !allAuthorityUrls.contains(uri)) {
			return true;
		}
		
		Set<String> authorityUrls = sessionUser.getAuthorityUrls();
		if (authorityUrls == null) {
			return false;
		}
		return authorityUrls.contains(uri);
		
	}

	@Override
	public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
			ModelAndView modelAndView) throws Exception {
		super.postHandle(request, response, handler, modelAndView);
	}

	@Override
	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
			throws Exception {
		super.afterCompletion(request, response, handler, ex);
	}

	
}
